Page 1 of 1
is it reasonably safe to store files under web root?
Posted: Fri Dec 25, 2009 9:22 pm
by scarface222
The title speaks for itself...can I store files in sub directory in my public folder and feel safe?
Re: is it reasonably safe to store files under web root?
Posted: Fri Dec 25, 2009 9:59 pm
by alex.barylski
Define safe...depends on your setup.
Are the files for private eyes only. If that is the case and your on a shared server, your probalby best keeping those files in a MySQL server. If you are running a dedicated server, you could probably get away with keeping the files on the file system, but outside docroot. Lastly (alternatively) you could password protect the directories that contain sensitive files...personally I dislike this technique as its entirely dependent on Apache being configured properly.
Using a database is probably the safest all round solution using a proxy script to fetch the contents and return the file to the requester.
Cheers,
Alex
Re: is it reasonably safe to store files under web root?
Posted: Fri Dec 25, 2009 10:15 pm
by scarface222
Hey thanks for your reply Alex. I am on a virtual private network on a remote server and this is my first website so I am always learning. I am storing mp3s and images that the users upload so they are frequently read and are not exactly sensitive information. I have them in a usercontent folder within the publichtml folder (web root) since I did not think it was possible based on information I had seen to access these files outside the web root. What is your opinion on the situation?